Splunk SOAR

What is the list of credentials that are acceptable for Just in Time entry?

Dave_Burns
Path Finder

What is the list of credentials that are acceptable for Just in Time entry?

Or is there a way to add to that list when creating our own apps? 

Looking through the documentation for the metadata, I'm not seeing anything. 


inventsekar
SplunkTrust

I am not much aware of Phantom, and it's pretty new to Splunk (I think around 3 years ago, just before Covid, Splunk acquired this Phantom).
The "Security Orchestration" may require this JIT concept, that is understood. Let's wait for some Phantom guys to reply to you.

PS - on your question you tagged phantom... I thought for a few seconds about that, but then I thought you are a developer who is starting new with Splunk. My mistake and misunderstanding.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Dave_Burns
Path Finder

Thanks @inventsekar for trying to provide some insight.

Yeah, I'm familiar w/ the authentication methods. But I'm specifically talking about this:

https://docs.splunk.com/Documentation/Phantom/4.10.4/Admin/AppsAssets#Configure_Just_In_Time_Credent...

It's actually kinda cool to see, for instance in the built-in SSH app.


But looking at the app code I'm not seeing how it indicated those as being choices from the option asset settings entered further up that page. 


phanTom
SplunkTrust

@Dave_Burns I have looked into this and can confirm that it presents all "string" and "password" asset configuration parameters defined in the app JSON.

You won't see any "numeric" or "boolean" asset configuration params in the JIT list. 

Happy SOARing!
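The rule stated in the answer above, as an added example that is not part of the original post and is not Splunk's code: a small checker that reads an app JSON and reports which asset configuration parameters would appear in the JIT list. The `configuration` / `data_type` layout and the sample app are assumptions constructed for illustration.

```python
import json

# Per the answer above: only these asset parameter types show up in the JIT list.
JIT_TYPES = {"string", "password"}

# Constructed sample app JSON (not a real app). The "configuration" object with
# a "data_type" per parameter is an assumed layout for the app metadata.
SAMPLE_APP_JSON = """
{
  "name": "Example Homebrew App",
  "configuration": {
    "server":     {"data_type": "string",   "required": true,  "order": 0},
    "username":   {"data_type": "string",   "required": true,  "order": 1},
    "password":   {"data_type": "password", "required": true,  "order": 2},
    "port":       {"data_type": "numeric",  "required": false, "order": 3},
    "verify_tls": {"data_type": "boolean",  "required": false, "order": 4}
  }
}
"""


def classify_asset_params(app_json_text):
    """Return (eligible, excluded) for the asset parameters in an app JSON.

    eligible: parameter names whose data_type is "string" or "password".
    excluded: {name: data_type} for everything else (None if data_type is missing).
    """
    app = json.loads(app_json_text)
    config = app.get("configuration") or {}
    eligible, excluded = [], {}
    for name, spec in config.items():
        data_type = spec.get("data_type") if isinstance(spec, dict) else None
        if data_type in JIT_TYPES:
            eligible.append(name)
        else:
            excluded[name] = data_type
    return eligible, excluded


if __name__ == "__main__":
    eligible, excluded = classify_asset_params(SAMPLE_APP_JSON)
    print("Expected in JIT list:", ", ".join(eligible) or "(none)")
    for name, data_type in excluded.items():
        print(f"Not in JIT list: {name} (data_type={data_type!r})")
```

Running it against a homebrew app's JSON shows whether a credential field is missing from the JIT list because it was declared with a type other than "string" or "password".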

Dave_Burns
Path Finder

Thanks @phanTom, glad to know what's supposed to be going on behind the scenes. 

Makes me wonder why some of our homebrew apps aren't working that way but hey, I've got the information I asked for! Which gets me closer to the end.


inventsekar
SplunkTrust

Hi @Dave_Burns .. As per my knowledge, there is no "Just in time Credentials" (Google defines this JIT as... "Just-in-Time (JIT) access is a fundamental security practice where the privilege granted to access applications or systems is limited to predetermined periods of time, on an as-needed basis. This helps to minimize the risk of standing privileges that attackers or malicious insiders can readily exploit.")

You can learn more about Splunk's Authentication methods available to us:

https://docs.splunk.com/Documentation/Splunk/9.0.0/InheritedDeployment/Usersrolesandauthentication

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !